How to create custom API in WHMCS

In this article we’ll see how to create custom API in WHMCS. The reason I’m writing this is because the information you can find on the net are outdated, and since now we are at WHMCS, there is the need for an update.

WHMCS is a great piece of software. In certain cases though you just can’t do something. Their documentation is surely not helping since not everything is documented, and looking at the code to figure out how things work is not really an option thanks to the file encryption.

Contacting support usually lead to the answer: submit a feature request, this seems interesting. Then checking the various request you see that the same thing has been requested over and over but without even being considered.

First of all, the API functions are stored in /whmcs/includes/api

So if you want to create your own function all you have to do is to place a file in that folder, giving it the name you want, for example mycustomapi.php

We need to make it secure, we can do it by adding a line of code, to make sure the file can’t be accessed directly

<?php
  /*
   My Custom API Function
  */
  if (!defined("WHMCS")) die("This file cannot be accessed directly");
?>

All parameters are posted via you API call in a $_POST variable.

This is the bare minimum code you need, but let’s take a look at the details and make it better than this.

<?php
 function get_env($vars) { $array = array('action' => array(), 'params' => array());
  if(isset($vars['cmd'])) {
    //Local API mode
    $array['action'] = $vars['cmd'];
    $array['params'] = (object)$vars['apivalues1'];
    $array['adminuser'] = $vars['adminuser'];
 
  } else {
    //Post CURL mode
    $array['action'] = $vars['_POST']['action'];
    unset($vars['_POST']['username']);
    unset($vars['_POST']['password']);
    unset($vars['_POST']['action']);
    $array['params'] = (object)$vars['_POST'];
  }
  return (object)$array;
}
 
try {
  $vars = get_defined_vars();
  //Get the parameters
  $request = get_env($vars);


    //insert the code you want to execute here
 

  $apiresults = array("result" => "success", "message" => "Success Message");
} catch (Exception $e) {
  $apiresults = array("result" => "error", "message" => $e->getMessage());
}

This will work exactly like the WHMCS API and you can do everything you want with it, fantasy is the limit here.

4 replies
  1. Hitesh Shukla
    Hitesh Shukla says:

    getting
    {
    “result”: “error”,
    “message”: “Invalid Permissions: API action “mycustomapi” is not allowed”
    }

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *